Transcript
Page 1: Preparing for the Imminent Terabit DDoS Attack

© 2014 Imperva, Inc. All rights reserved.

Preparing for the Imminent Terabit DDoS Attack

Confidential 1

Orion Cassetto, Sr. Product Marketing Manager, Incapsula

Page 2: Preparing for the Imminent Terabit DDoS Attack


Agenda


§ Network DDoS trends
§ Is a Terabit DDoS attack imminent?
§ Attributes of a DDoS-resilient network
§ Infrastructure and DNS protection

Page 3: Preparing for the Imminent Terabit DDoS Attack


Incapsula, An Imperva Company


§ Founded in 2009 by a group of security industry veterans with strong expertise in web application security, online safety, and identity theft
§ Spun out of, and subsequently acquired by, Imperva
§ Cloud-based solution includes
  • Enterprise-grade Website Security
    § PCI-certified Web Application Firewall
  • DDoS Protection
  • Load Balancing & Failover
§ All fully integrated on top of our global CDN

Page 4: Preparing for the Imminent Terabit DDoS Attack


§ Product Marketing Manager for Incapsula

§ Previously held product marketing positions at Imperva and Armorize Technologies

§ Experienced in Web app security and SaaS security solutions

§ Holds degrees in Asian Studies and Chinese Language from Washington State University

Orion Cassetto, Sr. Product Marketing Manager, Incapsula


Page 5: Preparing for the Imminent Terabit DDoS Attack


DDoS Landscape – Attacks Getting Bigger


Page 6: Preparing for the Imminent Terabit DDoS Attack


Average DDoS Attack Sizes Are Growing

Not only are big attacks getting bigger, average attack sizes are also growing – in 2013 the mean attack size was 10Gbps.

Source: 2014 Verizon Data Breach Investigation Report


Page 7: Preparing for the Imminent Terabit DDoS Attack


Where Do We Stand Today?

Chart: 34% of attacks <10Gbps, 66% >=10Gbps

Two thirds of attacks exceed 10Gbps

More than 13% exceed 40Gbps


Page 8: Preparing for the Imminent Terabit DDoS Attack


It’s Not All Bandwidth

More than 25% of attacks exceed 10Mpps

Most IPS/IDS will crash at 5Mpps


Page 9: Preparing for the Imminent Terabit DDoS Attack


Recent Campaigns / SaaS Applications


Page 10: Preparing for the Imminent Terabit DDoS Attack


Recent Campaigns / DNS Providers


Page 11: Preparing for the Imminent Terabit DDoS Attack


How Are Attackers Reaching These Numbers?

§ Are botnets becoming bigger?
  • No, according to www.shadowserver.org
§ Are there more open DNS resolvers?
  • No, the number is actually declining according to www.openresolverproject.org
§ Are there more open NTP servers?
  • Probably not, www.openntpproject.org
§ So what is it then?


Page 12: Preparing for the Imminent Terabit DDoS Attack


How Are Attackers Reaching These Numbers?

§ They are using bigger guns

Example of a 4Mpps attack

Less than 30 IPs are generating more than 99% of the traffic

Page 13: Preparing for the Imminent Terabit DDoS Attack


What Can We Learn From All This?

§  The stronger the Internet becomes, the stronger the attacks

§  The largest attacks use a small set of super resources rather than a large set of weak resources

§ Attacks will far exceed a single network’s capacity

§ Can we expect a 1Tbps+ attack within the next 12-36 months?


Page 14: Preparing for the Imminent Terabit DDoS Attack


A DDoS Resilient Network

Capacity scale: Scalable architecture, scalable business model = Cloud

In depth protection: Different assets need different protection (FTP != HTTP != DNS)

Visibility: You can’t defend yourself from what you don’t see

Rapid response: React quickly to preserve the false positive to false negative balance


Page 15: Preparing for the Imminent Terabit DDoS Attack


Threats Facing Various Online Services

TCP / UDP SSH FTP

DNS

Application data

HTTP

Advanced persistent threats (APT), SQL injection

DNS query attack, POST flood

SYN flood, DNS amplification, NTP amplification, Direct IP attacks


Page 16: Preparing for the Imminent Terabit DDoS Attack


Incapsula DDoS Protection

TCP / UDP SSH FTP

DNS

Application data

HTTP

Incapsula Web Application Firewall

Incapsula Application protection

Incapsula DNS protection

Incapsula Infrastructure protection


Page 17: Preparing for the Imminent Terabit DDoS Attack


Incapsula Application Protection

Always On / On Demand

Protect HTTP/S Applications

Layer 3&4 and also Layer 7


Page 18: Preparing for the Imminent Terabit DDoS Attack


Incapsula DNS Protection - NEW

Always On Service

•  Protect DNS servers

•  Prevent Blacklisting


Page 19: Preparing for the Imminent Terabit DDoS Attack


Incapsula Infrastructure Protection - NEW

On Demand Service

Protect all services and protocols

Protect entire IP ranges

Layer 3&4 (Network)


Page 20: Preparing for the Imminent Terabit DDoS Attack


Scaling BGP

IP ranges are announced in Anycast


Page 21: Preparing for the Imminent Terabit DDoS Attack


Imperva Positioned as a Magic Quadrant Leader


Gartner “Magic Quadrant for Web Application Firewalls” by Jeremy D'Hoinne, Adam Hils, Greg Young, Joseph Feiman, 17 June 2014. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Imperva. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


Page 22: Preparing for the Imminent Terabit DDoS Attack


Webinar Materials


Join Imperva LinkedIn Group, Imperva Data Security Direct, for…


Post-Webinar Discussions

Answers to Attendee Questions

Webinar Recording Link

Join Group

Page 23: Preparing for the Imminent Terabit DDoS Attack


Questions?

www.imperva.com

Page 24: Preparing for the Imminent Terabit DDoS Attack


Thank You

